Cody Pierce has reported a vulnerability in Firebird, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an error within the handling of "connect" requests (0x1) with a large "p_cnct_count" value. This can be exploited to cause a buffer overflow by sending a specially crafted connect request to a vulnerable server (default port 3050/TCP). The vulnerability is reported in Firebird 2. Other versions may also be affected. SOLUTION: Update to version 2.0.1.
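The overflow described above is the classic pattern of a client-controlled count being trusted when a fixed-size table is filled. As an added illustration (not Firebird's code or its real wire format; the message layout and the table size of 10 are assumptions), a parser that bounds p_cnct_count before storing any entry:

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define OP_CONNECT 1u          /* the "connect" opcode (0x1) named in the advisory */
#define MAX_CNCT_VERSIONS 10u  /* assumed capacity of the version table */

/* Simplified, assumed layout (not Firebird's real wire format): big-endian
 * u32 opcode, u32 p_cnct_count, then p_cnct_count u32 version entries. */
struct connect_req {
    uint32_t p_cnct_count;
    uint32_t versions[MAX_CNCT_VERSIONS];
};

static int read_u32(const uint8_t *buf, size_t len, size_t *off, uint32_t *out)
{
    if (*off > len || len - *off < 4)
        return -1;  /* truncated input */
    *out = ((uint32_t)buf[*off] << 24) | ((uint32_t)buf[*off + 1] << 16) |
           ((uint32_t)buf[*off + 2] << 8) | (uint32_t)buf[*off + 3];
    *off += 4;
    return 0;
}

/* Returns 0 on success, -1 on wrong opcode, oversized p_cnct_count or truncated
 * data. The count is checked against the table size before any entry is
 * stored, so versions[] cannot be overrun by a client-chosen count. */
int parse_connect(const uint8_t *buf, size_t len, struct connect_req *req)
{
    size_t off = 0;
    uint32_t op, i;
    memset(req, 0, sizeof *req);
    if (read_u32(buf, len, &off, &op) < 0 || op != OP_CONNECT)
        return -1;
    if (read_u32(buf, len, &off, &req->p_cnct_count) < 0)
        return -1;
    if (req->p_cnct_count > MAX_CNCT_VERSIONS)
        return -1;  /* the bound the vulnerable code lacked */
    for (i = 0; i < req->p_cnct_count; i++)
        if (read_u32(buf, len, &off, &req->versions[i]) < 0)
            return -1;
    return 0;
}

/* Constructed sample requests: a well-formed one with two entries, and one
 * whose p_cnct_count (0x7fffffff) vastly exceeds the entries it carries. */
const uint8_t sample_ok[] = { 0,0,0,1, 0,0,0,2, 0,0,0,10, 0,0,0,11 };
const uint8_t sample_bad[] = { 0,0,0,1, 0x7f,0xff,0xff,0xff, 0,0,0,10 };
```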
setting status and cc'ing maintainers. I see that there is a 2.0.1 in the tree, is it ok for going stable?
I have not switched to 2.0.1 on my production systems yet. Mainly due to a character set issue. Another user helped out with that, and I committed the changes last night. Really just needs testing. That and I need to modify the pkg_config or etc stuff to deal with backing up and restoring the security.gdb -> security2.gdb. The meta has to be updated/modified first. A sql script is provided. I just need to modify that to call it before it backs up and restores. Or in that process. Beyond that, testing, barring any bugs, should be good to go for stabilization.
William, I'm not sure whether that was a yes or no :) Are these changes essential for successful user upgrades or should we just go ahead and test the current version? The issue looks pretty serious.
If you want a clear yes or no, it would likely be no for now. One way around that is to get rid of pkg_config, and leave backing up/restoring/migrating the security.fdb -> security2.fdb entirely to the user. So it's kinda up to personal preference as to what is essential for a user. However upstream pushes everyone toward 2.0.x anyway. I myself have no problems with going ahead, testing and stabilizing 2.0.x. I believe there could be a problem with the user created log file symlink or etc. That is also done in pkg_config, in past ebuilds. In 2.0.1 I moved that to src_install so firebird can start upon install out of the box. Just need to remove that from 2.0.1's pkg_config. Other than those two things, which depending on the person can be moot or major, we should be good to go for stabilizing and testing. So with that, let's go ahead and look to test and stabilize per the security issue. I will address whatever I need to during that process, if and when those issues or others surface. Began with a NO, ending with a YES. Confused yet :)
YES. Please make sure that there are proper upgrade instructions/warnings :) Arches please test and mark firebird-2.0.1.12855.0-r3 stable.
dev-db/firebird-2.0.1.12855.0-r3 USE="doc examples -debug -xinetd"
1. emerges on x86. I am not sure if this is a problem:
>>> Install firebird-2.0.1.12855.0-r3 into /var/tmp/portage/dev-db/firebird-2.0.1.12855.0-r3/image/ category dev-db
install: omitting directory `examples/api'
bzip2: Can't open input file /var/tmp/portage/dev-db/firebird-2.0.1.12855.0-r3/image/usr/share/doc/firebird-2.0.1.12855.0-r3/examples/api: No such file or directory.
...
2. passes collision test
3. dev-db/flamerobin-0.7.6 emerges with it
4. seems to work
Portage 2.1.2.7 (default-linux/x86/2007.0/desktop, gcc-4.1.2, glibc-2.5-r3, 2.6.20.14 i686)
System uname: 2.6.20.14 i686 Genuine Intel(R) CPU T2300 @ 1.66GHz
Gentoo Base System release 1.12.9
Timestamp of tree: Wed, 13 Jun 2007 19:30:01 +0000
I am losing my mind. I forgot to commit a fix for character sets the other day. Please test and stabilize -r4. I do have one other change I need to make to pkg_config, wrt to security.fdb -> security2.fdb. Will try to address that tomorrow/today. It's getting a bit late now.
There is some minor QT stuff that needs addressing before we stabilize. That will cause stable packages to break. Not sure if those QT packages will need to go stable. If we have a fix in ~arch that's good enough for now, and QT can be stabilized on its own time frame. Up to you all there. Added bug as a dependency of this one. It will cause qt to fail when the firebird use flag is set on 64bit systems. But that can also be addressed with a use flag mask or etc in lieu of a rushed qt stabilization.
No for sparc: After adding the required libedit package, the firebird build fails with a bus error, thus.
==========================================
make[3]: Leaving directory `/var/tmp/portage/dev-db/firebird-2.0.1.12855.0-r4/work/Firebird-2.0.1.12855-0/gen'
make -f ../gen/Makefile.refDatabases empty_db
make[3]: Entering directory `/var/tmp/portage/dev-db/firebird-2.0.1.12855.0-r4/work/Firebird-2.0.1.12855-0/gen'
make -f ../gen/Makefile.embed.util ../gen/firebird/bin/create_db
make[4]: Entering directory `/var/tmp/portage/dev-db/firebird-2.0.1.12855.0-r4/work/Firebird-2.0.1.12855-0/gen'
make[4]: `../gen/firebird/bin/create_db' is up to date.
make[4]: Leaving directory `/var/tmp/portage/dev-db/firebird-2.0.1.12855.0-r4/work/Firebird-2.0.1.12855-0/gen'
rm -f empty.fdb
../gen/firebird/bin/create_db empty.fdb
make[3]: *** [empty.fdb] Bus error
make[3]: *** Deleting file `empty.fdb'
make[3]: Leaving directory `/var/tmp/portage/dev-db/firebird-2.0.1.12855.0-r4/work/Firebird-2.0.1.12855-0/gen'
make[2]: *** [empty_db] Error 2
make[2]: Leaving directory `/var/tmp/portage/dev-db/firebird-2.0.1.12855.0-r4/work/Firebird-2.0.1.12855-0/gen'
make[1]: *** [../gen/firebird/security2.fdb] Error 2
make[1]: Leaving directory `/var/tmp/portage/dev-db/firebird-2.0.1.12855.0-r4/work/Firebird-2.0.1.12855-0/gen'
make: *** [firebird] Error 2
===================================
On sparc, this means create_db tried to use a misaligned pointer. Typically, this is because of an impermissible widening of a (char*) to something else. I'm removing sparc from the CC and adding myself. Ask again when the pointer reference is fixed.
Might I add that firebird is generally USE.masked...
Back to ebuild to get a fix for sparc. Otherwise we'll have to mask it on sparc.
what do we do? it's a quite serious issue... should we mask it on sparc? sparc/maintainers please advise.
I lack C/C++ skills to help or resolve myself. Not to mention no access to said arch. So not much I can do.
It's already USE.masked mainstream it seems, so just dropping keywords from the package should suffice (double-check to avoid broken deps though).
Ok will do. Tied up with other things atm, but will do it before I pass out sometime later tonight, EDT :)
Ok I have dropped firebird 1.5.x down to -sparc. So we should be good to go now to stabilize firebird on amd64 and x86. There are still some Debian patches I would like to introduce. And some other refinements. I would likely consider all that enhancements. But we will find out as we stabilize. I am sure if there are problems users or testers will let us know. I will respond to any bugs that come up after stabilization ASAP. Still need to make a change in pkg_config wrt to backing up/restoring security.fdb -> security2.fdb. Rest of pkg_config should be fine. Although I am pretty sure no one is using that. Since aspects have been broken or outdated for some time.
amd64 and x86 please test and mark stable.
Created attachment 122909: firebird-2.0.1 build log. Fails to compile on amd64 here.
Is that on a live system or in a chroot? This looks mighty odd?
rm -f empty.fdb
../gen/firebird/bin/create_db empty.fdb
Unable to complete network request to host "2".
-Failed to establish a connection.
-Invalid argument
make[3]: *** [empty.fdb] Error 254
That looks to be where the error is coming from. Not really a compiling error, but one that is happening during the building/compiling of Firebird. Never seen that before. Let me see if I can replicate on my production amd64 firebird server. I had planned on upgrading that tomorrow. Not sure if I can squeeze it in today.
that was inside a chroot, it compiles fine outside of it - both systems differ pretty much though
Yeah that was failure to make a network request to the engine. I would assume more chroot specific than diff envs.
21 Jun 2007; William L. Thomson Jr. <wltjr@gentoo.org> firebird-1.5.4-r2.ebuild, firebird-1.5.4-r3.ebuild:
Dropped sparc keyword down to -sparc per bug #181811
You need to drop sparc keywords from dev-python/kinterbasdb as well, it depends on firebird.
(In reply to comment #22)
> You need to drop sparc keywords from dev-python/kinterbasdb as well, it depends
> on firebird.
Done, thanks, sorry I missed that. Also that package might have a dead upstream? http://kinterbasdb.sourceforge.net/ Seems no version was stabilized. If upstream continues to be stagnant, it might be a candidate for last rites. To at least gauge user interest or use.
x86 stable
amd64 done
We're good to go.
GLSA 200707-01, thanks everybody!